Basic stuff

iw list

Aircrack-ng

Start chipset in monitor mode

First try to start your interface in monitor mode without doing a “check kill”

Ask NetworkManager to not manage your interface

nmcli dev set <interface> managed no

Monitor mode

airmon-ng
airmon-ng check <wlan1>
airmon-ng check kill
airmon-ng start <wlan1> <channel>
airodump-ng <wlan1mon> --band <abg> -w <out>

Only show stations (clients) associated with a specific BSSID

airodump-ng <wlan1mon> -c <channel> --bssid <bssid> -a

Stop monitor mode

airmon-ng stop <wlan1mon>
service network-manager start

Scanning

airodump-ng <wlan1mon>
airodump-ng <wlan1mon> -c <channel> --bssid <bssid> -w <out>
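The -w <out> option makes airodump-ng write its tables to <out>-01.csv (an access-point table, a blank line, then a station table). The following is an added example, not part of this cheat sheet or of the aircrack-ng project: a parser for that CSV plus a check that flags any BSSID advertising one of your own ESSIDs that is not in your inventory (rogue AP / evil-twin detection), with the clients associated to it. The CSV sample, the KNOWN_BSSIDS inventory and all addresses are constructed.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <out>-01.csv:
# an access-point table, a blank line, then a station table. Made-up values.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   7, CorpNet,
66:77:88:99:AA:BB, 2024-01-01 10:02:00, 2024-01-01 10:05:00,  6,  54, OPN,  ,  , -35,   80,  0,   0.  0.  0.  0,   7, CorpNet,
CC:DD:EE:FF:00:11, 2024-01-01 10:01:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,   40,  0,   0.  0.  0.  0,   5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-01-01 10:03:00, 2024-01-01 10:05:00, -50,  20, 66:77:88:99:AA:BB, CorpNet
AA:BB:CC:DD:EE:02, 2024-01-01 10:03:00, 2024-01-01 10:05:00, -55,  10, 00:11:22:33:44:55,
"""


def _table(block):
    """Parse one comma-separated table (header row first) into a list of dicts."""
    reader = csv.reader(io.StringIO(block.strip()), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = []
    for fields in reader:
        if not fields:
            continue
        fields = [f.strip() for f in fields]
        # The station table lists probed ESSIDs comma-separated in its last
        # column, so fold any surplus fields back into that column.
        last = len(header) - 1
        if len(fields) > len(header):
            fields = fields[:last] + [",".join(f for f in fields[last:] if f)]
        fields += [""] * (len(header) - len(fields))
        rows.append(dict(zip(header, fields)))
    return rows


def parse_airodump_csv(text):
    """Split an airodump-ng CSV into (access_points, stations)."""
    text = text.replace("\r\n", "\n").strip()   # real files use CRLF and a leading blank line
    ap_block, _, sta_block = text.partition("\n\n")
    return _table(ap_block), _table(sta_block)


# Constructed inventory: the BSSIDs we legitimately operate for each ESSID.
KNOWN_BSSIDS = {"CorpNet": {"00:11:22:33:44:55"}}


def find_rogue_aps(aps, known=KNOWN_BSSIDS):
    """BSSIDs advertising one of our ESSIDs that are not in the inventory."""
    return [(ap["BSSID"], ap["ESSID"], ap["Privacy"] or "?", ap["channel"])
            for ap in aps
            if ap["ESSID"] in known and ap["BSSID"] not in known[ap["ESSID"]]]


def clients_of(stations, bssid):
    """Station MACs currently associated to the given BSSID."""
    return [s["Station MAC"] for s in stations if s["BSSID"] == bssid]


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for bssid, essid, privacy, chan in find_rogue_aps(aps):
        print(f"rogue AP {bssid} advertising {essid!r} ({privacy}, ch {chan}); "
              f"associated clients: {clients_of(stations, bssid)}")
```

On the sample this reports the open AP on channel 6 that copies the CorpNet ESSID and the one client that has joined it; for a real run, read <out>-01.csv with open(...).read() in place of SAMPLE_CSV.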

Bettercap
Install

Download the zip https://github.com/bettercap/bettercap/releases
apt install golang libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev
/opt/bettercap -eval "caplets.update; q"
/opt/bettercap -eval "caplets.update; ui.update; q"

GUI:

/opt/bettercap -caplet "http-ui"

Association

One packet for association

aireplay-ng -1 0 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>

Association with keep-alive

aireplay-ng -1 6000 -o 1 -q 10 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>

Deauthentication

aireplay-ng -0 <nb_deauth> -a <ap_mac> -c <supplicant_mac> <wlan1mon>

Deauthenticate with broadcast address

aireplay-ng -0 20 -a <ap_mac> -c FF:FF:FF:FF:FF:FF <wlan1mon>
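Deauthentication frames are unauthenticated management frames unless the network enforces 802.11w (Protected Management Frames), which is the mitigation; short of that, a monitor-mode sensor can at least detect the pattern. The following is an added example, not code from this cheat sheet or from aircrack-ng: a minimal parser for the 24-byte 802.11 management header and a detector that raises an alert for any deauth/disassoc sent to the broadcast address and once when more than a threshold of such frames hit one BSSID within a sliding window. The frames and the timeline are constructed test data; the window and threshold values are assumptions to tune per site.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPE_BEACON, SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 8, 10, 12


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame):
    """Decode the 24-byte 802.11 header of a management frame (type 0).
    Returns None for data/control frames or truncated input."""
    if len(frame) < 24:
        return None
    fc = frame[0]                                   # frame control, low byte
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        return None
    info = {"subtype": subtype, "da": _mac(frame[4:10]),
            "sa": _mac(frame[10:16]), "bssid": _mac(frame[16:22])}
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]   # reason code
    return info


def detect_deauth_abuse(frames, window=1.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame).
    Alerts on every deauth/disassoc addressed to broadcast, and once when
    more than `threshold` such frames for one BSSID arrive within `window`."""
    alerts = []
    recent = defaultdict(list)                      # bssid -> timestamps in window
    for ts, raw in frames:
        m = parse_mgmt(raw)
        if not m or m["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        if m["da"] == BROADCAST:
            alerts.append(("broadcast-deauth", m["bssid"], m.get("reason")))
        q = [t for t in recent[m["bssid"]] if ts - t <= window] + [ts]
        recent[m["bssid"]] = q
        if len(q) == threshold + 1:                 # fire once as the threshold is crossed
            alerts.append(("deauth-flood", m["bssid"], len(q)))
    return alerts


# Constructed frames (hex), not captured traffic. Layout: frame control,
# duration, addr1 (DA), addr2 (SA), addr3 (BSSID), sequence control, body.
AP, CLIENT = "001122334455", "aabbccddee01"
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" + AP + AP + "0000" + "00" * 12)
DEAUTH_TO_CLIENT = bytes.fromhex("c000" "3a01" + CLIENT + AP + AP + "0000" "0700")
DEAUTH_BROADCAST = bytes.fromhex("c000" "3a01" "ffffffffffff" + AP + AP + "0000" "0700")

# Constructed timeline: beacons, one isolated deauth (normal housekeeping),
# one broadcast deauth, then 30 deauths within 0.6 s against the same BSSID.
SAMPLE_CAPTURE = (
    [(1.0 + i, BEACON) for i in range(5)]
    + [(3.5, DEAUTH_TO_CLIENT)]
    + [(5.0, DEAUTH_BROADCAST)]
    + [(10.0 + 0.02 * i, DEAUTH_TO_CLIENT) for i in range(30)]
)

if __name__ == "__main__":
    for alert in detect_deauth_abuse(SAMPLE_CAPTURE):
        print(alert)
```

The isolated deauth at 3.5 s produces nothing, the broadcast one is reported on its own, and the burst is reported exactly once when the 11th frame lands inside the one-second window. Feeding real traffic means stripping the radiotap header from each monitor-mode frame first; that is left out here.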
Decrypt capture files

For WPA/WPA2 encryption, the capture must contain at least messages 2 and 3, or 3 and 4, of the 4-way handshake.

airdecap-ng -e <essid> -p <PSK> (-b <ap_mac>) <cap_file>

Repeater

airtun-ng -a <ap_mac_source> --repeat (--bssid <ap_mac_source_filtering>) -i <mon0_source> <mon1_dest>

Get Wi-Fi passwords from a host

It does not need administrator privileges on Windows 10. However, the PSK can be protected, in which case administrator privileges are required to get the clear-text PSK.

Export all information in XML files in a folder

netsh wlan export profile folder=<C:\Windows\Temp> key=clear
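The export writes one XML file per profile in the documented WLAN profile schema (namespace http://www.microsoft.com/networking/WLAN/profile/v1), and with key=clear the <keyMaterial> element holds the passphrase with <protected>false</protected>. The following is an added example, not part of this cheat sheet: a Python audit of such export files that flags open networks set to auto-connect, WEP/TKIP profiles, and files that now carry a clear-text PSK and must be deleted after use. The three sample profiles are constructed; the findings categories are my own choice.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def parse_profile(xml_text):
    """Pull the fields that matter for an audit out of one exported profile."""
    root = ET.fromstring(xml_text)

    def text(path, default=""):
        el = root.find(path, NS)
        return (el.text or "").strip() if el is not None else default

    return {
        "name": text("w:name"),
        "mode": text("w:connectionMode"),
        "auth": text("w:MSM/w:security/w:authEncryption/w:authentication"),
        "enc": text("w:MSM/w:security/w:authEncryption/w:encryption"),
        "key_protected": text("w:MSM/w:security/w:sharedKey/w:protected", "true") == "true",
        "has_key": root.find("w:MSM/w:security/w:sharedKey/w:keyMaterial", NS) is not None,
    }


def audit_profile(p):
    """Return the list of findings for one parsed profile."""
    issues = []
    if p["auth"] == "open" and p["enc"] == "none":
        issues.append("open network" + (" with auto-connect" if p["mode"] == "auto" else ""))
    if p["enc"] in ("WEP", "TKIP"):
        issues.append(f"weak encryption ({p['enc']})")
    if p["has_key"] and not p["key_protected"]:
        issues.append("PSK present in clear text in the export")
    return issues


def audit_all(xml_texts):
    """Map profile name -> findings for a list of profile XML documents."""
    results = {}
    for xml_text in xml_texts:
        p = parse_profile(xml_text)
        results[p["name"]] = audit_profile(p)
    return results


def audit_folder(folder):
    """Audit every *.xml file that `netsh wlan export profile` wrote to `folder`."""
    return audit_all(path.read_text(encoding="utf-8-sig")   # netsh writes a UTF-8 BOM
                     for path in sorted(Path(folder).glob("*.xml")))


# Constructed sample profiles in the WLAN profile XML layout.
_TEMPLATE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security>
    <authEncryption><authentication>{auth}</authentication><encryption>{enc}</encryption><useOneX>false</useOneX></authEncryption>
    {shared}
  </security></MSM>
</WLANProfile>
"""
_SHARED = ("<sharedKey><keyType>{ktype}</keyType><protected>{protected}</protected>"
           "<keyMaterial>{key}</keyMaterial></sharedKey>")

SAMPLE_PROFILES = [
    _TEMPLATE.format(name="CorpNet", mode="auto", auth="WPA2PSK", enc="AES",
                     shared=_SHARED.format(ktype="passPhrase", protected="false", key="example-passphrase")),
    _TEMPLATE.format(name="Airport Free WiFi", mode="auto", auth="open", enc="none", shared=""),
    _TEMPLATE.format(name="OldPrinter", mode="manual", auth="open", enc="WEP",
                     shared=_SHARED.format(ktype="networkKey", protected="true", key="ENCRYPTED-BLOB-PLACEHOLDER")),
]

if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: {issues or 'no findings'}")
```

Run audit_folder(r"C:\Windows\Temp") against a real export to get the same report per file; the clear-text finding is the reminder to remove the exported files once the audit is done.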

Print known PSK

netsh wlan show profiles|Select-String -Pattern " User Profile"|ForEach-Object{echo $_.Line.split(':')[1].trim()}|ForEach-Object{netsh wlan show profiles name=$_ key=clear}|Select-String -Pattern "Key Content|SSID name"
cls & echo. & for /f "tokens=4 delims=: " %a in ('netsh wlan show profiles ^| find "Profile "') do @echo off > nul & (netsh wlan show profiles name=%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.) & @echo on

Delete profiles

netsh wlan show profiles
netsh wlan delete profile name=*